GitHub Will Train on Your Copilot Data by April 24. How to Opt Out.

← Back to Blog

If you use GitHub Copilot Free, Pro, or Pro+, and you do not change a setting before April 24, 2026, GitHub will use your interaction data — inputs, outputs, code snippets, and surrounding context — to train AI models. That includes context from private repositories when you actively use Copilot in them.

What's happening: GitHub announced on March 26, 2026, that Copilot Free/Pro/Pro+ interaction data will become opt-out for AI model training effective April 24. No warning dialog, no email to users, no in-product countdown. The setting is reachable but it is not in front of you — you have to go find it.

What Actually Changes on April 24

From GitHub's own announcement: "From April 24 onward, interaction data — specifically inputs, outputs, code snippets, and associated context — from Copilot Free, Pro, and Pro+ users will be used to train and improve our AI models unless they opt out."

The three pieces that matter:

Affected tiers: Copilot Free, Pro, and Pro+.
Not affected: Copilot Business and Copilot Enterprise. Interaction data from enterprise-owned repositories is also excluded.
Data scope: inputs you send, outputs you accept or modify, the code context surrounding your cursor, comments, documentation, file names, repository structure, and feedback signals like thumbs-up/thumbs-down.

For authoritative detail, see GitHub's announcement: Updates to GitHub Copilot interaction data usage policy.

How to Opt Out (30 seconds)

The setting lives in your GitHub account privacy preferences, not inside your IDE.

Open GitHub → Settings in the web app. (If you're signed in, that link goes straight to your Copilot settings.)
Find the Privacy section for Copilot.
Toggle off the option that allows GitHub to use your Copilot interaction data for model training.
Save. Your future interaction data is out of the training pipeline from that moment.

GitHub's own documentation: Managing Copilot policies as an individual subscriber. The exact label on the toggle may shift as GitHub iterates — look for anything under Privacy that references data used for training or product improvement.

How to Confirm the Opt-Out Took Effect

Toggling a setting in a web UI is not the same as verifying that the setting is actually respected by the underlying system. Here is how to confirm:

Method 1: Re-check the settings page. Navigate back to the Copilot Policies page 24 hours after toggling. Confirm the option is still in the off state. Settings pages have been known to silently revert after backend updates. Screenshot the confirmed-off state with a timestamp.

Method 2: Network inspection. Open your browser's DevTools (F12), go to the Network tab, trigger a Copilot code suggestion in your IDE, and look at outbound requests. What you are watching for is whether telemetry endpoints receive payloads marked with a training-consent flag. This requires some familiarity with the network panel, but even a casual scan gives you evidence for your records. Note: GitHub does not publish an exhaustive list of its telemetry endpoints, so absence of an obvious "training=true" parameter is suggestive but not conclusive proof. The toggle is the authoritative mechanism — the network check is belt-and-suspenders.

Method 3: Audit your organization's accounts separately. If you are a team lead or engineering manager, the opt-out is per-account, not org-wide. An organization-level Copilot Business or Enterprise license handles this differently — but any member of your team running a personal Copilot Free or Pro account alongside a work account needs to toggle it independently. There is no bulk action for individual-tier accounts. Send the link to this article instead.

Why This Matters for Your Code

Two categories of developers are exposed.

First: proprietary code. If you use Copilot while working on a private project — a startup idea, a client contract, internal tooling — inputs and context from that session flow through Copilot and, absent the opt-out, into model training. The distinction GitHub draws is between code "at rest" in a private repo (not accessed) and code "actively sent to Copilot during a session" (in scope). In practice, any file open in your editor while Copilot is running is the latter.

Second: compliance. If you work in healthcare, finance, or any regulated industry with data-residency or third-party-use restrictions, most procurement contracts forbid third-party training on code written under the contract. This policy change turns a Copilot license into a compliance audit trigger. Individual subscribers under those contracts should opt out immediately and document the date.

Why It's Controversial

The GitHub Community discussion where users raised concerns has accumulated hundreds of downvotes. The core objection is not "GitHub trains on code." It is that the change is opt-out, not opt-in, and the opt-out was announced quietly with no in-product visibility. Millions of developers will remain in-scope not because they agreed, but because they never saw the notification.

Opt-out design at this scale is not neutral. It is a decision to transfer the cost of privacy from the vendor to the individual. At GitHub's scale, that means most developers will train models without ever consciously agreeing to.

The Bigger Pattern: When You Subscribe, They Can Change the Terms

This is the Postman/Insomnia/Cursor cycle repeating: start developer-friendly and privacy-conscious, build enough trust that switching is painful, then monetize the trust later. It is not unique to GitHub. It is the default outcome when the product and the model-training team share a roadmap.

That is not a moral argument. It is a planning argument. If your stack depends on a third-party AI tool whose privacy posture can be revised by announcement, you do not actually own that privacy posture — you are renting it.

The recurring subscription model is where this leverage comes from. When you pay $10/month for Copilot, GitHub holds the renewal. The moment you are dependent enough that switching hurts, the vendor can revise defaults — opt-out data training, telemetry policy changes, model hosting location shifts — and the cost of leaving is high enough that most users accept it. The April 24 change is exactly this mechanism in action. The price stayed the same. The terms changed.

The contrast is tools you pay for once and keep. When there is no renewal to hold over you, the vendor has no mechanism to ratchet terms after the sale. A one-time purchase is structurally different from a subscription: the transaction ends at the moment of purchase, and the vendor's leverage with it. That is not a marketing framing — it is how incentives work. A developer tool that cost you $29 once and runs locally has zero ability to change its data-handling defaults because there is no ongoing relationship to renegotiate.

This does not mean subscriptions are bad products. It means understanding which layer of your stack you need to own outright vs. which layer you can accept renting. For code you touch every day, code that contains client secrets, architecture patterns, internal logic — that is the layer worth owning.

The Alternative: Build Your Own Agent Stack

A growing number of developers are shifting from "which AI tool do I buy" to "how do I build my own?" The Claude API, combined with Claude Code's sub-agent model, gives you a privacy-controlled coding assistant where you decide what data flows where. No opt-out deadlines. No policy revisions. No surprise emails.

The trade-off is setup time and coordination. You need to design your agent roster, write their system prompts, decide what context they get, and wire them into your workflow. That is non-trivial, which is exactly why we packaged the architecture.

Own the tools. Own the data.

Septim Vault — $29 lifetime. Local-only credentials manager. Secrets are encrypted in your browser, never leave your machine, no telemetry, no training pipeline, no vendor who can change defaults. septimlabs.com/vault

Septim Drills — $29 lifetime. 50+ pre-written Claude Code workflows. Drop into ~/.claude/ and you have a structured coding assistant you actually own — an alternative to Copilot's suggestion engine where you control what runs and what gets sent nowhere. septimlabs.com/drills

Both pay once. No renewal. No default-change announcements. Use code FOUNDINGRATE24 for 20% off.

Get Vault →

Checklist

Before April 24: Open GitHub Settings → Privacy section under Copilot. Toggle off training-data use. Screenshot the setting for your records.
If you work under NDA or regulated data: Document the opt-out date in your compliance log.
Team leads: Forward this post or GitHub's official post to the whole team. Opt-out is per-account, not per-org.
If you want more control: Evaluate whether Copilot Business/Enterprise (which are exempt by default) makes sense for your team, or whether a Claude-based agent stack you own outright is the better investment.
Calendar reminder: Set a check-in six months out to re-audit the setting. Opt-outs have been known to reset after policy revisions.

Until AI-vendor privacy is locked in at the contract level, policy reversals will keep happening. The April 24 deadline is not the last one — it is the current one. Treat every AI tool you depend on the way you would treat any other vendor: read the policy page, track the changes, and own the layer you cannot afford to lose.

— The Septim Labs team